09c35db182f067444610db808916da9ad4d0445094b5975291cacb466df5e177

Analysis

max time kernel
167s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 07:16

Target

0e2257863419cbf71154665df5ecd621.exe
Size

50KB
MD5

0e2257863419cbf71154665df5ecd621
SHA1

4083f526b4c4e9f94aa33685c58642d554809c89
SHA256

09c35db182f067444610db808916da9ad4d0445094b5975291cacb466df5e177
SHA512

d1cd580e430d2a5ea7fe323ab200def7f75871a25e1e493389992baa45c952cac3ce8cf94e67b9241fbe9901187eb0bbf8cd3e8887d7d853f2583e3df5af0fa9
SSDEEP

768:01z2BYcBu4ujZ6FzruHuBNrbVp7RrBtJR/2BWuLXzJPK9VErYt4I:QB6FzruHuBNrbVhBOn89J6

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2932	2080	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2932	2080	0e2257863419cbf71154665df5ecd621.exe	28
PID 2080 wrote to memory of 2932	2080	0e2257863419cbf71154665df5ecd621.exe	28
PID 2080 wrote to memory of 2932	2080	0e2257863419cbf71154665df5ecd621.exe	28
PID 2080 wrote to memory of 2932	2080	0e2257863419cbf71154665df5ecd621.exe	28

C:\Users\Admin\AppData\Local\Temp\0e2257863419cbf71154665df5ecd621.exe
"C:\Users\Admin\AppData\Local\Temp\0e2257863419cbf71154665df5ecd621.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 96
  2⤵
  - Program crash
  PID:2932

memory/2080-0-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2080-3-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2080-4-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2080-1-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download